I have deployed an application on JBoss 3.2.3 which uses the login module of JBoss. Now for testing some particular functionality of the application, I need to bypass (dont want logins) the login. What I did was that I eliminated the scurity-domain in jboss-web.xml, so the following line

<security-domain>java:/jaas/http-invoker</security-domain>

became

<security-domain></security-domain>

I also commented a few url-patterns and http-methods in security constraint in web.xml. By doing this I didnt get the login dialog but when I clicked on some link which used the EJBs, an authentication exception was thrown with principal = null.

I tried commenting all security-role-ref tags and role-name tags in method-permission in ejb-jar.xml but that caused exception at server start up.

Anyone has any idea what I am doing wrong or any solution to the problem.

I think you have to disable security in both the web module (by removing or commenting the security-domain element in the jboss-web.xml as you already did) AND the EJB module. The latter is done in jboss.xml, where you also have to comment out/remove the security-domain element.

Thanx for the prompt reply. Yes you are right about disabling security in EJB module. It helped but I have a new problem :). If possible pl check out the new thread 'How to use an unauthenticated user in JBoss' under General J2EE.

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations technology projects - with its network of technology-specific websites, events and online magazines.